Lucene search
K
CnnvdMost viewed

195539 matches found

CNNVD
CNNVD
added 2026/05/25 12:0 a.m.25 views

WordPress plugin eMagicOne Store Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

9.3CVSS5.9AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.25 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the id and ticketid GET parameters in the patient.php file, allowing...

5.4CVSS5.7AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.25 views

WordPress plugin NextGEN Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.25 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by the reuse of the JavaScript: WebAssembly component after it was released...

7.3CVSS5.8AI score0.0026EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.25 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the sm-policies Endpoint called...

7.5CVSS6.1AI score0.00477EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.25 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds read issue in the fnnlcthelperdumptable function within netfilter nfnetlink. Thi...

7.1CVSS5.8AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.25 views

Code-MCP 注入漏洞

Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Code-MCP has a vulnerability that stems from the operation of the MCP Tool component in the gitoperation function located in the src/codemcp/server.py file. This vulnerability may lead to command injection...

7.5CVSS7.1AI score0.01339EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.25 views

Mikrotik RouterOS 信任管理问题漏洞

Mikrotik RouterOS is an operating system for network devices developed by the Latvian company Mikrotik. There is a vulnerability in MikroTik RouterOS’s trust management mechanism. This vulnerability stems from the shared certificate validation logic, which leads to scope confusion. As a result, a...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.25 views

DOMPurify 跨站脚本漏洞

DOMPurify is a JavaScript-based tool developed by Cure53’s individual developer, designed for working with the DOM Document Object Model in HTML, MathML, and SVG. Versions 3.0.1 to 3.3.3 of DOMPurify contain cross-site scripting vulnerabilities. These vulnerabilities stem from XSS attacks that...

6.9CVSS5.8AI score0.00225EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.25 views

JetKVM 安全漏洞

JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the authenticity of downloaded firmware files. This could allow intermediate parties o...

7CVSS6.1AI score0.00128EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.25 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contained security vulnerabilities. These vulnerabilities...

5.1CVSS5.8AI score0.03121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.25 views

RethinkDB security vulnerabilities

RethinkDB is an open-source database developed by RethinkDB. RethinkDB versions 2.4.4 and earlier have a security vulnerability. This vulnerability stems from a buffer overflow in the JSON parsing component cJSON.Cc, which could allow for the execution of arbitrary code...

10CVSS6.3AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.25 views

Ateme Flamingo XL 安全漏洞

Ateme Flamingo XL is an application from Ateme, Inc. A security vulnerability exists in Ateme Flamingo XL version 3.2.9, which stems from a restricted shell escape and could lead to the execution of arbitrary commands...

10CVSS7AI score0.00718EPSS
Exploits2References4
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.25 views

Synology DiskStation Manager和Synology Unified Controller 缓冲区错误漏洞

Synology DiskStation Manager DSM and Synology Unified Controller are both products of China-based Synology, Inc.Synology DiskStation Manager is an operating system for use on networked storage servers NAS. Synology DiskStation Manager is an operating system used on network storage servers NAS to...

7.5CVSS6.6AI score0.0042EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.25 views

WordPress plugin BMI Adult & Kid Calculator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5.8AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/19 12:0 a.m.25 views

Vasion Print Virtual Appliance Host和Vasion Print Application 安全漏洞

Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is a print management software.Vasion Print Application is a printer management application. A security vulnerability exists in Vasion Print...

9.8CVSS6.5AI score0.00746EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.25 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of NULL checking of string arrays in ALSA usb scarlett2, which could lead to null pointer dereferenci...

5.5CVSS6.1AI score0.00143EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.25 views

IBM TS4500 跨站脚本漏洞

The IBM TS4500 is a scalable tape library from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM TS4500 versions 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00, which stems from the presence of cross-site scripting in the web interface that could...

5.4CVSS6AI score0.00166EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.25 views

Moodle 授权问题漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. An authorization issue vulnerability exists in Moodle versions 3.x through 3.11.18, which stems from a session fixation...

4.2CVSS6.6AI score0.00261EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.25 views

VMware vCenter Server 安全漏洞

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

8.8CVSS7.1AI score0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.25 views

ASUS AiCloud 安全漏洞

AiCloud is a cloud service from ASUS, designed to provide easy access to the data inside the router's back-up devices such as USBs or PCs, as well as uploading, downloading, playing music online, browsing documents online, sharing links to Facebook, and setting up Smart Sync to synchronize with t...

9.2CVSS9.1AI score0.01017EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.25 views

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a virtual machine management software from Oracle Corporation USA. A security vulnerability exists in Oracle VM VirtualBox version 7.1.6, which originates from an elevated-privilege attacker that can be exploited via the login infrastructure and could lead to unauthorized...

8.1CVSS7.2AI score0.00541EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.25 views

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from the exposure of sensitive information ...

2.3CVSS6.2AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.26 views

MongoDB Server 安全漏洞

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A denial of service vulnerability exists in MongoDB Server. The vulnerability...

6.5CVSS6.8AI score0.00387EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/05 12:0 a.m.25 views

F5 iControl REST和F5 BIG-IP TMOS Shell 操作系统命令注入漏洞

F5 iControl REST and F5 BIG-IP TMOS Shell are both products of F5 Corporation, U.S.A. F5 iControl REST is a development framework. and F5 BIG-IP TMOS Shell is a command line. An operating system command injection vulnerability exists in F5 iControl REST and F5 BIG-IP TMOS Shell that stems from th...

8.8CVSS7.6AI score0.0707EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.25 views

AutomationDirect C-More EA9 Programming Software 缓冲区错误漏洞

AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. AutomationDirect C-More EA9 Programming Software suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data when parsing an EAP9 file, resulting ...

7.8CVSS8AI score0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/29 12:0 a.m.25 views

Celk Sistemas Celk Saude 安全漏洞

Celk Sistemas Celk Saude is a health sector management software from Celk Sistemas, Brazil. A security vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1, which originates from the presence of a hypertext markup language injection vulnerability that allows an attacker to inject...

6.1CVSS7.4AI score0.00316EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/11 12:0 a.m.25 views

IBM InfoSphere Information Server和IBM InfoSphere DataStage Flow Designer 安全漏洞

IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer are both products of International Business Machines IBM.IBM InfoSphere Information Server is a data integration platform. The platform can be used to integrate data information obtained from various sources.IBM InfoSphe...

6.5CVSS6.2AI score0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.25 views

ChargePoint Home Flex 信息泄露漏洞

ChargePoint Home Flex is a series of electric vehicle charging devices from ChargePoint USA. An information disclosure vulnerability exists in the ChargePoint Home Flex, which stems from a Bluetooth low-power information disclosure in the Wi-Fi setup logic, which could lead to a network-adjacent...

5.7CVSS3.7AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.25 views

AnyDesk 安全漏洞

AnyDesk is a remote desktop connection software from AnyDesk Germany. A security vulnerability exists in AnyDesk 8.1.0 and earlier versions, which stems from the ability to inadvertently expose public IP addresses in network traffic...

7.5CVSS6.8AI score0.01178EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/10/20 12:0 a.m.25 views

WordPress plugin LiteSpeed Cache 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS9.3AI score0.83178EPSS
Exploits7References7
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.25 views

Apache Solr 安全漏洞

Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. An authentication error vulnerability exists in Apache Solr that stems from the...

9.8CVSS7AI score0.90709EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.25 views

Microsoft Windows Netlogon 授权问题漏洞

Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation USA, whose main functions are authentication of users and machines on intra-domain networks and replication of databases for domain-controlled backups, as well as maintenance of relationships between domain...

9CVSS6.5AI score0.01153EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.25 views

WordPress plugin Checkout Field Editor for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.2AI score0.00426EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/09 12:0 a.m.25 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from an expired OTP code remaining available when using FreeOTP when the OTP tok...

4.8CVSS5.4AI score0.00393EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/06/17 12:0 a.m.25 views

Laravel Starter Security Vulnerability

Laravel Starter is a simple starter project based on Laravel 11.x by Nasir Khan Saikat individual developer. A security vulnerability exists in Laravel Starter version 11.8.0 and earlier versions, which stems from an incorrect manipulation of the parameter Email that results in response...

6.3CVSS6.7AI score0.0065EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/06/08 12:0 a.m.25 views

WordPress plugin Rife Free security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.8AI score0.00261EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.25 views

Monstra CMS Security Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. An attacker can exploit the vulnerability to execute arbitrary code by uploading specially crafted PHP files...

8CVSS7.7AI score0.00722EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.25 views

编号撤回

wandb is a tool for visualizing and tracking machine learning experiments. This CVE number has been withdrawn...

7.6AI score
Exploits0References2
CNNVD
CNNVD
added 2024/05/09 12:0 a.m.25 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that is due to free usage in Visuals. An attacker can exploit this vulnerability to execute arbitrary code on a system...

9.6CVSS9.3AI score0.08348EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.25 views

Sante DICOM Viewer Pro 安全漏洞

Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter and PACS client from Santesoft Cyprus. Works with DICOM files of all models and manufacturers. A security vulnerability exists in Sante DICOM Viewer Pro, which stems from a lack of proper validation of user-supplied data...

8.8CVSS8AI score0.00916EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.25 views

WordPress Plugin No-Bot Registration 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

4.3CVSS6.4AI score0.002EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/05 12:0 a.m.25 views

WordPress plugin Gutenberg Blocks by Kadence Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

6.5CVSS8.2AI score0.00427EPSS
Exploits3References3
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.25 views

s::can moni::tools SQL Injection Vulnerability

s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers, and parameters. A SQL injection vulnerability exists in s::can moni::tools version 4.6.3, which originates from the ability to send a specially crafted SQL query to the serve...

9.8CVSS7.6AI score0.02165EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.25 views

Dell BIOS Security Vulnerability

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. A security vulnerability exists in Dell BIOS that stems from the inclusion of an incorrect null termination vulnerability...

6.8CVSS6.8AI score0.00493EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/21 12:0 a.m.25 views

GitLab Access Control Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an Access Control Error vulnerability that stems from the...

7.7CVSS7.1AI score0.00455EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.25 views

stereoscope path traversal vulnerability

stereoscope is a library for working with container image contents, layer file trees, and compressed file trees. A path traversal vulnerability exists in stereoscope versions prior to 0.0.1, which stems from an attempt by Stereoscope to unarchive content that will result in writing to a path...

9.8CVSS6.8AI score0.00393EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/11 12:0 a.m.25 views

Google Chromecast Security Breach

Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from the presence of a code executio...

9.8CVSS7.5AI score0.00372EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.25 views

Microsoft ASP.NET Core Security Vulnerability

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. An...

8.2CVSS6.5AI score0.02777EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.25 views

WordPress Plugin Meks Audio Player Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References11
Total number of security vulnerabilities5000